Secure Your Site: Vulnerabilities Found In WordPress All-In-One SEO
There are quite a few different WordPress plugins available that can add a variety of functionality to your WordPress website. Remember one of the plugins I developed, Eazy Twitter Cards? This is an example of how plugins can be one of the best parts of WordPress because it allows you to expand the capabilities of your website by extending the functionality by using other developers code.
One of these plugins, called “All-In-One SEO” was discovered to have security vulnerabilities that could cause malicious activity to take place on your website. This vulnerability could effect up to 15 million WordPress websites that use this plugin.
So basically what can happen is, if your website allows users to create a non-admin account, they could use this account to modify parameters used by the All-In-One SEO plugin. The user could change your SEO title, meta description, keywords, meta tags and more. This could cause your website to not rank in search results for the terms you want it to.
Another aspect of the vulnerability that causes more concern is that someone could use this same vulnerability to inject and execute malicious JavaScript code, that could leave backdoors, change Administrative passwords, and even worse.
This is potentially pretty serious if you use this plugin.
What should you do to fix this?
Fortunately, the All-In-One SEO team was quick to patch the vulnerability and has updated the code in the WordPress Repository, so all you need to do is update the plugin in order to patch the problem.
Other Alternatives
I have been partial to SEO By Yoast for a number of years now because it is well documented and Yoast has a stellar reputation in the WordPress community as a developer that stands behind his code.
I use the Yoast plugin with my clients because of the level of trust I have with his products, earned through years of quality development. It’s not to say that vulnerabilities do not exist in Yoast’s plugin, but I feel comfortable that the code review and other steps he puts in place prevent a lot of vulnerabilities that can be found in other plugins.
I myself is now using Yoast for my SEO plugin. I think it is better in most aspects than all in one SEO. I didn’t know that there are vulnerabilities so I guess I made the right move.
I myself is now using Yoast for my SEO plugin. I think it is better in most aspects than all in one SEO. I didn’t know that there are vulnerabilities so I guess I made the right move.
I knew about the issue right away so I immediately updated mine right after the team release the newer and safer version. Glad I did it quickly.